Problem setting up directory authentication - forbidden error

I'm new to Apache. I set up my .htaccess file as follows

Order Deny,Allow
Deny from All
AuthType Basic
AuthName "Log in"
AuthUserFile /.htpasswd
Require user root

and create an .htpasswd file, temporarily also in the root dir, thus

root:[has of password]

but Apache reports Forbidden, rather than the log in prompt? What am I doing wrong?

THANKS!
metalaureateAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve BinkCommented:
You are setting "Deny from All", which forbids access to all connections.  This setting determines access, and will supersede authorization - why authorize if you cannot access the content?  

If you just want authorization to control access, remove the "Deny from All".   If you want to accept connections only from specific IPs/hosts (in addition to requiring user/pass authorization from those connections), then use "Order Allow,Deny", and add Allow directives matching the IPs or hosts you want to allow.
0
metalaureateAuthor Commented:
Ok, that creates Internal Server Error.

I now have:

Order Deny,Allow
AuthType Basic
AuthName "Log in"
AuthUserFile /.htpasswd
Require user root

Any help much appreciated!
0
Steve BinkCommented:
The path you are using for AuthUserFile is an absolute path, so you will have to specify the entire path.  The .htpasswd file should most definitely not be in your root (/) directory.  If you make it a relative path (remove the beginning '/'), I believe it is relative to the current directory.

What kind of resources are you trying to serve?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

metalaureateAuthor Commented:
Just my dev site.
0
metalaureateAuthor Commented:
So now I get the login, (thank!), but I can't seem to get the password to be recognized.

What should be using to get the hash of the password?
0
metalaureateAuthor Commented:
I figured that last bit out, thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.